From f135aa9db439aa3a94d9ac236777aab9ca17d4c9 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 7 Apr 2021 15:15:05 +0100
Subject: [PATCH] JWT auth on admin endpoints

---
 packages/auth/src/index.js | 3 +--
 packages/auth/src/middleware/authenticated.js | 2 +-
 packages/auth/src/middleware/index.js | 6 ++---
 .../src/middleware/{ => passport}/google.js | 2 +-
 .../auth/src/middleware/{ => passport}/jwt.js | 5 +---
 .../src/middleware/{ => passport}/local.js | 8 +++---
 .../worker/src/api/controllers/admin/auth.js | 25 ++++++++++---------
 packages/worker/src/api/routes/admin/index.js | 15 ++++++++---
 8 files changed, 35 insertions(+), 31 deletions(-)
 rename packages/auth/src/middleware/{ => passport}/google.js (91%)
 rename packages/auth/src/middleware/{ => passport}/jwt.js (71%)
 rename packages/auth/src/middleware/{ => passport}/local.js (88%)

diff --git a/packages/auth/src/index.js b/packages/auth/src/index.js
index 778d4fb32e..3088008086 100644
--- a/packages/auth/src/index.js
+++ b/packages/auth/src/index.js
@@ -5,7 +5,6 @@ const JwtStrategy = require("passport-jwt").Strategy
 const CouchDB = require("./db")
 const { StaticDatabases } = require("./db/utils")
 const { jwt, local, google } = require("./middleware")
-const hashing = require("./hashing")
 
 // Strategies
 passport.use(new LocalStrategy(local.options, local.authenticate))
@@ -26,6 +25,6 @@ passport.deserializeUser(async (user, done) => {
   }
 })
 
-// exports.hashing = hashing
+// exports.Cookies = Cookies
 
 module.exports = passport
diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index f7ff086b67..7797649b18 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
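Review bot: The rewritten placeholder `// exports.Cookies = Cookies` in the second index.js hunk is still commented-out code, and even if it were uncommented it would export nothing, because `module.exports = passport` two lines later replaces the `exports` object outright. It also names a `Cookies` binding that none of the requires visible in the first hunk bring into index.js, so it could not be enabled as written. Either delete the line, or turn it into a working export placed after the reassignment, e.g. `module.exports.Cookies = require("./constants").Cookies` (the constants path is inferred from the middleware hunks and should be confirmed).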
@@ -22,7 +22,7 @@ module.exports = async (ctx, next) => {
   const cookieAppId = ctx.cookies.get(Cookies.CurrentApp)
   // const builtinRoles = getBuiltinRoles()
   if (appId && cookieAppId !== appId) {
-    setCookie(ctx, appId, "currentapp")
+    setCookie(ctx, appId, Cookies.CurrentApp)
   } else if (cookieAppId) {
     appId = cookieAppId
   }
diff --git a/packages/auth/src/middleware/index.js b/packages/auth/src/middleware/index.js
index a9d07516ed..9d822e5937 100644
--- a/packages/auth/src/middleware/index.js
+++ b/packages/auth/src/middleware/index.js
@@ -1,6 +1,6 @@
-const jwt = require("./jwt")
-const local = require("./local")
-const google = require("./google")
+const jwt = require("./passport/jwt")
+const local = require("./passport/local")
+const google = require("./passport/google")
 
 module.exports = {
   google,
diff --git a/packages/auth/src/middleware/google.js b/packages/auth/src/middleware/passport/google.js
similarity index 91%
rename from packages/auth/src/middleware/google.js
rename to packages/auth/src/middleware/passport/google.js
index 008d4a6816..1ee6583b59 100644
--- a/packages/auth/src/middleware/google.js
+++ b/packages/auth/src/middleware/passport/google.js
@@ -1,4 +1,4 @@
-const CouchDB = require("../db")
+// const CouchDB = require("../db")
 
 exports.options = {
   clientId: process.env.GOOGLE_CLIENT_ID,
diff --git a/packages/auth/src/middleware/jwt.js b/packages/auth/src/middleware/passport/jwt.js
similarity index 71%
rename from packages/auth/src/middleware/jwt.js
rename to packages/auth/src/middleware/passport/jwt.js
index 5d36f0b91e..a619ab994b 100644
--- a/packages/auth/src/middleware/jwt.js
+++ b/packages/auth/src/middleware/passport/jwt.js
@@ -1,7 +1,4 @@
-// const jwt = require("passport-jwt")
-const { Cookies } = require("../constants")
-
-// const ExtractJWT = jwt.ExtractJwt
+const { Cookies } = require("../../constants")
 
 exports.options = {
   jwtFromRequest: function(ctx) {
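Review bot: The commented-out require left in the google.js hunk now carries a stale path: after the move into `middleware/passport/`, the database module is reached as `../../db` (the local.js and jwt.js hunks in this same commit update their own requires that way), so `// const CouchDB = require("../db")` would fail the moment someone reinstates it. Commented-out code is better deleted than parked; if a reminder is wanted, a note is clearer than dead code, e.g. `// TODO: look the Google profile up in CouchDB (require("../../db"))`. The `exports.options` object this hunk opens continues past the end of the hunk.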
diff --git a/packages/auth/src/middleware/local.js b/packages/auth/src/middleware/passport/local.js
similarity index 88%
rename from packages/auth/src/middleware/local.js
rename to packages/auth/src/middleware/passport/local.js
index 85a68af87c..379ec58dbb 100644
--- a/packages/auth/src/middleware/local.js
+++ b/packages/auth/src/middleware/passport/local.js
@@ -1,8 +1,8 @@
 const jwt = require("jsonwebtoken")
-const { UserStatus } = require("../constants")
-const CouchDB = require("../db")
-const { StaticDatabases, generateUserID } = require("../db/utils")
-const { compare } = require("../hashing")
+const { UserStatus } = require("../../constants")
+const CouchDB = require("../../db")
+const { StaticDatabases, generateUserID } = require("../../db/utils")
+const { compare } = require("../../hashing")
 
 const INVALID_ERR = "Invalid Credentials"
 
diff --git a/packages/worker/src/api/controllers/admin/auth.js b/packages/worker/src/api/controllers/admin/auth.js
index 07b08c7d1f..2c41c1f47d 100644
--- a/packages/worker/src/api/controllers/admin/auth.js
+++ b/packages/worker/src/api/controllers/admin/auth.js
@@ -1,20 +1,21 @@
-const jwt = require("jsonwebtoken")
-const CouchDB = require("../../../db")
 const passport = require("@budibase/auth")
 
 exports.authenticate = async (ctx, next) => {
-  return passport.authenticate("local", async (err, user, info, status) => {
-    // TODO: better
+  return passport.authenticate("local", async (err, user) => {
     if (err) {
-      ctx.throw(err)
+      return ctx.throw(err)
     }
 
-    // await ctx.login(user)
-    ctx.body = {
-      err,
-      user,
-      info,
-      status,
-    }
+    const expires = new Date()
+    expires.setDate(expires.getDate() + 1)
+
+    ctx.cookies.set("budibase:auth", user.token, {
+      expires,
+      path: "/",
+      httpOnly: false,
+      overwrite: true,
+    })
+
+    ctx.body = { success: true }
   })(ctx, next)
 }
diff --git a/packages/worker/src/api/routes/admin/index.js b/packages/worker/src/api/routes/admin/index.js
index 5a6aaf77e6..c87e395a22 100644
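Review bot: `user.token` is dereferenced unconditionally in the passport callback of `exports.authenticate`, but a passport verify callback reports a rejected login by passing a falsy `user` together with a null `err`, so a wrong password would surface as a TypeError (HTTP 500) rather than a 401; a `if (!user) { return ctx.throw(401, "Invalid Credentials") }` guard belongs before the cookie is written (how the local strategy signals failure lives in local.js, outside this hunk, and should be confirmed). The cookie options also undercut the new JWT scheme: `httpOnly: false` lets any script on the page read the session token, and with no `secure` or `sameSite` setting the token travels over plain HTTP and on cross-site requests, so an XSS or a lax network path leaks an admin session. Unless the frontend demonstrably has to read this cookie from JavaScript, it should be `httpOnly: true` with `secure` enabled in production and `sameSite: "lax"` (strict would also block the cookie on the Google OAuth return navigation). The literal cookie name `"budibase:auth"` should come from the shared `Cookies` constants that the jwt strategy in the auth package already reads, so the issuing and consuming sides cannot drift apart.
```javascript
exports.authenticate = async (ctx, next) => {
  return passport.authenticate("local", async (err, user) => {
    if (err) {
      return ctx.throw(err)
    }
    // passport reports a rejected login as a falsy user with no error
    if (!user) {
      return ctx.throw(401, "Invalid Credentials")
    }
    // … unchanged: expiry computation …
    ctx.cookies.set("budibase:auth", user.token, {
      expires,
      path: "/",
      httpOnly: true, // keep the JWT out of reach of page scripts
      secure: process.env.NODE_ENV === "production",
      sameSite: "lax",
      overwrite: true,
    })
    // … unchanged: response body …
```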
--- a/packages/worker/src/api/routes/admin/index.js
+++ b/packages/worker/src/api/routes/admin/index.js
@@ -2,15 +2,22 @@ const Router = require("@koa/router")
 const passport = require("@budibase/auth")
 const controller = require("../../controllers/admin")
 const authController = require("../../controllers/admin/auth")
-const authenticated = require("../../../middleware/authenticated")
 
 const router = Router()
 
 router
-  .post("/api/admin/users", authenticated, controller.userSave)
+  .post("/api/admin/users", passport.authenticate("jwt"), controller.userSave)
   .post("/api/admin/authenticate", authController.authenticate)
-  .delete("/api/admin/users/:email", authenticated, controller.userDelete)
+  .delete(
+    "/api/admin/users/:email",
+    passport.authenticate("jwt"),
+    controller.userDelete
+  )
   .get("/api/admin/users", passport.authenticate("jwt"), controller.userFetch)
-  .get("/api/admin/users/:email", authenticated, controller.userFind)
+  .get(
+    "/api/admin/users/:email",
+    passport.authenticate("jwt"),
+    controller.userFind
+  )
 
 module.exports = router
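Review bot: `passport.authenticate("jwt")` on the user save, delete and find routes only establishes that the caller holds a valid token; nothing in this hunk restricts who may create or delete accounts, so unless `controller.userSave` and `controller.userDelete` (outside this file) enforce an admin role themselves, any signed-in user can manage every other user. That should be confirmed and, if absent, an authorization middleware added after the JWT check rather than relying on the controllers. The strategy is also invoked without `{ session: false }`, and passport's default is to establish a session on each authenticated request, which is usually unwanted for token-based API calls. As a style point, the same middleware expression is built four times; hoisting it once as `const jwtAuth = passport.authenticate("jwt", { session: false })` and using `jwtAuth` on each route keeps the options in a single place.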